Problems in 802.1x, HP2650, (P)EAP and IAS Radius.

Hi all,

I have been setting up an 802.1x and IAS environment. Now, for some reason, I cannot log in to my network with my username/password/domain combination. My 2650 sw H.08.98 only says "radius: Can't reach RADIUS server 192.168.0.103". When I ping it, it responds. There is no log information in the IAS logs. My configuration is something like this:

Re: Problems in 802.1x, HP2650, (P)EAP and IAS Radius.

Hi, take a look at Event Viewer, System. This should provide some information on the IAS log. If you are getting NAS-IP-Address: 127.0.0.1, then it's the shared secret key. Go to IAS, RADIUS Client, and provide the switch IP address as well as the shared secret.

Re: Problems in 802.1x, HP2650, (P)EAP and IAS Radius.

Hi,

As I wrote, "When I try to port-access chap-radius, then log says something". I have set up Enterasys devices to use IAS with PEAP and those work. I have also triple-checked the shared secret. I have also sniffed the traffic and it seems to be OK. It seems that IAS doesn't care about PEAP authentication when the access request comes from HP switches. Any other suggestions?
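
Added example, not part of the original thread: an offline way to confirm the shared secret against a sniffed Access-Request. It recomputes the Message-Authenticator attribute (HMAC-MD5 keyed with the shared secret, RFC 3579), which EAP-carrying requests must include and which a server silently discards on mismatch. The secret, addresses and packet bytes are constructed stand-ins for a real capture.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
MESSAGE_AUTHENTICATOR = 80  # RFC 3579 attribute type, 16-byte HMAC-MD5 value

def build_access_request(secret, ident, request_auth, attrs):
    """Build a constructed Access-Request ending in a valid Message-Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)  # zeroed placeholder
    pkt = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + request_auth + body
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def check_message_authenticator(packet, secret):
    """True/False if the attribute verifies or not; None if it is absent."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    packet, pos = packet[:length], 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18:
                raise ValueError("Message-Authenticator must be 18 bytes long")
            # HMAC-MD5 over the whole packet with the 16 value bytes set to zero,
            # keyed with the shared secret.
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(packet[pos + 2:pos + 18], expected)
        pos += alen
    return None

# Constructed sample standing in for bytes exported from a capture.
SWITCH_SECRET = b"constructed-secret"
EAP_IDENTITY = b"\x02\x01\x00\x0d\x01testuser"  # EAP-Response/Identity
SAMPLE = build_access_request(
    SWITCH_SECRET, 7, bytes(range(16)),
    [(1, b"testuser"), (4, bytes([192, 0, 2, 10])), (79, EAP_IDENTITY)])

if __name__ == "__main__":
    print("secret configured on the switch:", check_message_authenticator(SAMPLE, SWITCH_SECRET))
    print("mistyped secret on the server:", check_message_authenticator(SAMPLE, b"constructed-secert"))
```

A result of `None` means the request carried no Message-Authenticator at all, which is a different fault from a secret mismatch.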

Re: Problems in 802.1x, HP2650, (P)EAP and IAS Radius.

Triple-check whether IAS is listening for your packets on the RADIUS port!!! As I mentioned before, sometimes the port is locked by another service (e.g. RRAS). You definitely must see an event in the event log (for example, unsupported message type). You can also use the "iasparse" tool from the resource kit.

Make sure IAS works at all. You can implement administrator authentication via RADIUS and check whether it is working.

Re: Problems in 802.1x, HP2650, (P)EAP and IAS Radius.

Hi Ville,

Please downgrade to a version of code before H.08.95. The next version of code released on the web should have a fix included for PEAP; these will be release numbers greater than H.08.103. I suspect that using one of these code releases will fix your problem.

Re: Problems in 802.1x, HP2650, (P)EAP and IAS Radius.

I don't know if anyone here has had this problem, but that "no untagged" line from the primary VLAN caused many of the ports on my switch not to work. Whenever I tried to directly assign a port as "untagged" to another VLAN, I lost access to the switch from part of the ports. The only solution I found was to first declare the ports as "tagged", then "no tagged", then "untagged" in the new VLAN.